Spring Security OAuth2 SSO 单点登录

基于 Spring Security OAuth2 SSO 单点登录系统

SSO简介

单点登录（英语：Single sign-on，缩写为 SSO），又译为单一签入，一种对于许多相互关连，但是又是各自独立的软件系统，提供访问控制的属性。当拥有这项属性时，当用户登录时，就可以获取所有系统的访问权限，不用对每个单一系统都逐一登录。这项功能通常是以轻型目录访问协议（LDAP）来实现，在服务器上会将用户信息存储到LDAP数据库中。相同的，单一退出（single sign-off）就是指，只需要单一的退出动作，就可以结束对于多个系统的访问权限。

Spring Security OAuth

Spring Security OAuth使用标准的Spring和Spring Security编程模型和配置惯例，为使用Spring Security with OAuth（1a）和OAuth2提供支持。OAuth协议

案例介绍

此工程分为三个模块：授权服务器（sso-auth-server）、web应用a（sso-client-a）、web应用b（sso-client-b），想达到的目的是：某一个用户在a系统登陆后在跳往b系统后不用在重复登录。

sso-auth-server:

pom:

<dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>org.springframework.security.oauth</groupId><artifactId>spring-security-oauth2</artifactId></dependency><dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-jwt</artifactId></dependency>
</dependencies>

yml:

server:port: 8082context-path: /auth_server

SsoServerApplication.java

/*** @author Leone* @since 2018-05-07**/
@SpringBootApplication
public class SsoServerApplication {public static void main(String[] args) {SpringApplication.run(SsoServerApplication.class, args);}/*** 为测试环境添加相关的 Request Dumper information，便于调试** @return*/@Profile("!cloud")@BeanRequestDumperFilter requestDumperFilter() {return new RequestDumperFilter();}}

userDetailsService.java

/*** @author Leone* @since 2018-05-07**/
@Component
public class SsoUserDetailsService implements UserDetailsService {@Autowiredprivate PasswordEncoder passwordEncoder;@Overridepublic UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {return new User(username, passwordEncoder.encode("admin"), AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));}
}

SsoSecurityConfig.java

/*** @author Leone* @since 2018-05-07**/
@Configuration
public class SsoSecurityConfig extends WebSecurityConfigurerAdapter {@Autowiredprivate UserDetailsService userDetailsService;@Beanpublic PasswordEncoder passwordEncoder() {return new BCryptPasswordEncoder();}@Overrideprotected void configure(HttpSecurity http) throws Exception {http.formLogin().and().authorizeRequests().antMatchers("/**/*.js", "/**/*.css", "/**/*.jpg", "/**/*.png").permitAll().anyRequest().authenticated().and().csrf().disable();//  http.formLogin().and().authorizeRequests().anyRequest().authenticated();}@Overrideprotected void configure(AuthenticationManagerBuilder auth) throws Exception {auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());}
}

SsoAuthServerConfig.java

/*** @author Leone* @since 2018-05-07**/
@Configuration
@EnableAuthorizationServer
public class SsoAuthServerConfig extends AuthorizationServerConfigurerAdapter {/*** 客户端一些配置** @param clients* @throws Exception*/@Overridepublic void configure(ClientDetailsServiceConfigurer clients) throws Exception {clients.inMemory().withClient("client1").secret("secret1").authorizedGrantTypes("authorization_code", "refresh_token").scopes("all", "read", "write").autoApprove(true).and().withClient("client2").secret("secret2").authorizedGrantTypes("authorization_code", "refresh_token").scopes("all", "read", "write").autoApprove(true);}/*** 配置jwtTokenStore** @param endpoints* @throws Exception*/@Overridepublic void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {endpoints.tokenStore(jwtTokenStore()).accessTokenConverter(jwtAccessTokenConverter());}/*** springSecurity 授权表达式** @param security* @throws Exception*/@Overridepublic void configure(AuthorizationServerSecurityConfigurer security) throws Exception {security.tokenKeyAccess("isAuthenticated()");}/*** JwtTokenStore** @return*/@Beanpublic TokenStore jwtTokenStore() {return new JwtTokenStore(jwtAccessTokenConverter());}/*** 生成JTW token** @return*/@Beanpublic JwtAccessTokenConverter jwtAccessTokenConverter() {JwtAccessTokenConverter converter = new JwtAccessTokenConverter();converter.setSigningKey("andy");return converter;}
}

sso-client-a

pom:

<dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>org.springframework.security.oauth</groupId><artifactId>spring-security-oauth2</artifactId></dependency><dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-jwt</artifactId></dependency></dependencies>

yml:

server:port: 8080context-path: /clienta
security:oauth2:client:clientId: client1clientSecret: secret1access-token-uri: http://127.0.0.1:8082/auth_server/oauth/token    #请求令牌的地址user-authorization-uri: http://127.0.0.1:8082/auth_server/oauth/authorize    #请求认证的地址resource:jwt:key-uri: http://127.0.0.1:8082/auth_server/oauth/token_key   #解析jwt令牌所需要密钥的地址

index.html

<!DOCTYPE html>
<html lang="en">
<head><meta charset="UTF-8"><title>sso-client-A</title>
</head>
<body><h1>sso demo client-A</h1><a href="http://127.0.0.1:8081/clientb/index.html">访问client-b</a>
</body>
</html>

SsoClientA.java

/*** @author Leone* @since 2018-05-07**/
@EnableOAuth2Sso
@SpringBootApplication
public class SsoClientA {public static void main(String[] args) {SpringApplication.run(SsoClientA.class, args);}
}

sso-client-b

pom:

<dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>org.springframework.security.oauth</groupId><artifactId>spring-security-oauth2</artifactId></dependency><dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-jwt</artifactId></dependency></dependencies>

yml:

server:port: 8081context-path: /clientb
security:oauth2:client:clientId: client2clientSecret: secret2access-token-uri: http://127.0.0.1:8082/auth_server/oauth/tokenuser-authorization-uri: http://127.0.0.1:8082/auth_server/oauth/authorizeresource:jwt:key-uri: http://127.0.0.1:8082/auth_server/oauth/token_key

index.html

<!DOCTYPE html>
<html lang="en">
<head><meta charset="UTF-8"><title>sso-client-B</title>
</head>
<body><h1>sso demo client-B</h1><a href="http://127.0.0.1:8080/clienta/index.html">访问client-a</a>
</body>
</html>

SsoClientA.java

/*** @author Leone* @since 2018-05-07**/
@RestController
@EnableOAuth2Sso
@SpringBootApplication
public class SsoClientB {@Autowiredprivate OAuth2RestTemplate oAuth2RestTemplate;public static void main(String[] args) {SpringApplication.run(SsoClientB.class, args);}@GetMapping("/user")public Authentication user(Authentication user) {return user;}@Beanpublic OAuth2RestTemplate oAuth2RestTemplate(OAuth2ClientContext oAuth2ClientContext, OAuth2ProtectedResourceDetails details){return new OAuth2RestTemplate(details,oAuth2ClientContext);}
}

项目源码:git@github.com:janlle/sso-server.git

Spring Security OAuth2 SSO 单点登录相关推荐

使用Spring Security OAuth2实现单点登录(SSO)系统
一.单点登录SSO介绍目前每家企业或者平台都存在不止一套系统,由于历史原因每套系统采购于不同厂商,所以系统间都是相互独立的,都有自己的用户鉴权认证体系,当用户进行登录系统时,不得不记住每套系统的 ...
关于Spring Security框架关于单点登录sso
1.Spring Security的作用 Spring Security主要解决了认证和授权相关的问题. 认证(Authenticate):验证用户身份,即登录. 授权(Authorize):允许用户 ...
springBoot整合spring security+JWT实现单点登录与权限管理前后端分离
在前一篇文章当中,我们介绍了springBoot整合spring security单体应用版,在这篇文章当中,我将介绍springBoot整合spring secury+JWT实现单点登录与权限管理. ...
springBoot整合spring security+JWT实现单点登录与权限管理前后端分离--筑基中期
写在前面在前一篇文章当中,我们介绍了springBoot整合spring security单体应用版,在这篇文章当中,我将介绍springBoot整合spring secury+JWT实现单点登录与 ...
Spring Security OAuth2 SSO
通常公司肯定不止一个系统,每个系统都需要进行认证和权限控制,不可能每个每个系统都自己去写,这个时候需要把登录单独提出来登录和授权是统一的业务系统该怎么写还怎么写最近学习了一下Spring Sec ...
Spring Security Oauth2 JWT----单点登录、注销、续签的问题
什么是用户身份认证? 用户身份认证即用户去访问系统资源时系统要求验证用户的身份信息,身份合法方可继续访问.常见的用户身份认证表现形式有:用户名密码登录,指纹打卡等方式. 什么是用户授权? 用户认证通 ...
Spring Security OAuth2 单点登录和登出
文章目录 1. 单点登录 1.1 使用内存保存客户端和用户信息 1.1.1 认证中心 auth-server 1.1.2 子系统 service-1 1.1.3 测试 1.2 使用数据库保存客户端和用 ...
Spring Security简单SSO
问题简单使用Spring Security实现简单单点登录. 思路引入Spring Security ,Spring Session Redis相关库,简单配置Spring Security实现对 ...
【Spring Cloud Alibaba 实战 | 总结篇】Spring Cloud Gateway + Spring Security OAuth2 + JWT 实现微服务统一认证授权和鉴权
一. 前言 hi,大家好~ 好久没更文了,期间主要致力于项目的功能升级和问题修复中,经过一年时间这里只贴出关键部分代码的打磨,[有来]终于迎来v2.0版本,相较于v1.x版本主要完善了OAuth2认证 ...

Spring Security OAuth2 SSO 单点登录

基于 Spring Security OAuth2 SSO 单点登录系统

Spring Security OAuth2 SSO 单点登录相关推荐

最新文章

热门文章